Routers

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.

There are articles on this topic, but I have decided to summarise everything in one, according to the tools we have in 2019 for the job. Provided you have the means mentioned, the task should take you up to 5 hours or less to get running again. It required however around 5 days for me to get there.

I agree, that everyone would have done so, Lucas. But if you are a techie and deal with hardware, known to be "unbrickable", the process becomes a challenge and promises a great feeling, once you can accomplish something like this. In addition, JTAG method works with virtually any hardware, that has flash memory, so can save also priceless devices.

Andrew, indeed once the process is written out like here, it will not take long. But piecing this all together and researching, as well as trying all possible recovery methods is what takes time. However I am not a professional in soldering, neither had I an oscilloscope to know what signal levels I have to receive in the end.


Starting with Windows 2012, a change to network interfaces (adding, replacing, ...) requires uninstalling and reinstalling RRAS to apply those changes - purging the current RRAS setup. The following script shows how to add new interfaces without having to reinstall RRAS.

Assume that, in the role of System Administrator in an SMB (or a startup group), you are requested to (re)design the IT infrastructure of the company. In this article, I will describe the steps to design, configure and operate the IT devices in a small business environment (<50 users).

When you have a Wi-Fi, you might want to isolate the untrusted network from your network, since Wi-Fi is more vulnerable to attacks, as is a guest network. You will still be able to manage guest/Wi-Fi from your network. This is possible to do with an Edge router.

Have a Cisco router that you forgot the password or maybe you bought a used router that is locked with a password? This article will guide you through the steps on how to recover the password on your Cisco gear.

About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consistently (that is, more than ten per cent of the time).

One minute everything would work fine; the next minute all (outbound) traffic would get dropped. After eight weeks of pulling my hair out (while talking to Cisco) it seems I had hit a 'documented' (but very well hidden) bug that means you cannot load balance on IOS 15 when using a dialer interface and NAT.

The long and short of it is that IOS gets confused and sends the packets to the wrong outbound interface it has just done the IP translation for. This means the ISP will (in the UK, at least) see the packet coming from what it sees as a spoofed IP address and will drop it.

Chances of getting load balancing to work with PPPoE: None (well almost none). Chances of seeing the bug fixed: Zero (apparently).

Incidentally, we were convinced to try a work around, involving buying another(!) Cisco router with load balancing on one and the EHWIC cards in the other (using PBR to route the traffic correctly). This works (kind of), but, due to PBR, maxes out at half the bandwidth of our two connections, which kind of defeats the point of having two lines.

Given it took Cisco eight weeks to find this bug in their own documentation (which happens to be hidden …

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WANs, don't have QoS control in the provider cloud.

Tired of waiting for your show or movie to load? Are buffering issues a constant problem with your internet connection? Check this article out to see if these simple adjustments are the solution for you.

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outgoing interface.

For this test we are going to use the simple network setup shown in the diagram below:

Static Route using outgoing interface.
Let's configure R1 as follows:

This has all of the same benefits as routing to the next-hop address, but ensures that the traffic doesn't use another interface regardless of the routing table's data for the next hop. It also has other applications, such as statically leaking routes between VRF instances.

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done using a browser like Internet Explorer, Google Chrome or Firefox using an HTTP or HTTPS connection. For security purposes, it's important to consider the possibilities:

Access from the LAN side is likely safer than from the WAN (internet) side but may still need to be secured.

Access from the WAN (internet) side is "public" and needs to be secure.

There are at least two kinds of "security" that are possible:

1) It's important to select a combination of Username and Password for logging into the controls. In this case, both the Username AND the Password might be viewed as "passwords" as they both have to be entered correctly. There are plenty of good articles written about how to select passwords.

2) Unless one is willing to risk that their public login communications won't be intercepted then the communications need to be encrypted. This is where HTTPS comes in. It's fair to say that the WAN side communications, if actually public, must be encrypted. Similarly, internal LAN communications might also have the same requirement - but often not. There is almost no penalty for using HTTPS - so why not? [Well, there’s an issue regarding security certificates when using HTTPS and that’s …

No, I haven't published an article on VPN client access. All of my successful experience re: RV042 has been for site-to-site VPNs and not client-to-site VPNs. It's been a long time. I found that the tough cases are best tackled by putting both endpoints in the same room for system integration using a "model" or fake internet in between. But these days with remote access being common, that may not be necessary.

The Certificate error will always be there because you need to buy an SSL Certificate for your Public webpage to be recognized publicly. For LAN you can provide a local cert though this is not really an issue.

Imagine you have a shopping list of items you need to get at the grocery store. You have two options:

A. Take one trip to the grocery store and get everything you need for the week, or
B. Take multiple trips, buying an item at a time, to achieve the same feat.

Obviously, unless you are purposefully trying to get out of the house you’d choose “A”. But why do we so often times choose “B” when it comes to our data transmission performance? The key metric here is efficiency.

MTU…says you need to buy Milk in 1 Gallon containers rather than by the ounce!

MTU is an acronym that stands for the Maximum Transmission Unit, which is the single largest physical packet size, measured in bytes, a network can transmit. If messages are larger than the specified MTU they are broken up into separate, smaller packets also known as packet fragmentation or “fragmented”, which slows the overall transmission speeds because instead of making one trip to the grocery store you are now making multiple trips to achieve the same feat. In other words, the maximum length of a data unit a protocol can send in one trip, without fragmentation occurring is dictated by the MTU value defined.

Do I Really need to Manually Correct the MTU Value?

The correct MTU value will help you select the correct shopping cart size in order to be the most efficient in your grocery shopping so that you don’t have to take multiple trips. Shouldn’t I just leave…

Hi Jason, I assume you are only changing it on one side of a VPN tunnel. If I am correct, then it would only benefit one side of the connection. So if that connection is having the issues then it may remedy the problem, however for greater efficacy I'd do both ends (they most likely will not have the same MTU).

A couple of months ago we upgraded the ADSL line at our branch office from a Home to a Business line. The purpose of transforming the service was to have static public IPs.
We were in need of public IPs to publish our web resources at the branch office.
Also, on a Home ADSL connection the ISP leases a DHCP IP address to the customers, and this IP can change on a frequent basis, and sometimes you will find it difficult for port forwarding.

Anyway so after the upgrade we were given pre-configured Cisco Router by ISP. Unfortunately, the LAN subnet configured on the router was conflicting with our IP Addressing Schema. Therefore, it was important to change the subnet on the router.

When I accessed the router through the console and issued the sh running-config command, the resulting configuration was virtually blank.
Moreover, I was not privileged to enter configuration mode. Then I used the command in exec mode

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable.

BACKGROUND

SonicOS separates Service Objects into three different views or groupings: “All Services”, “Custom Services” & “Default Services”. Within each view there are two sections called “Service Groups” & “Services”. Service Groups are simply just Services grouped together for related purposes. Default Services are a list of system-created, commonly used, services that you can utilize to create many different networking policies and rules. They are not only created for convenience but they also play a key role in how default Access Rules function, which I’ll discuss later. For all intents and purposes Default Services Objects and Default Services are synonymous here and I’ll be focusing this discussion on the “Ping” Service Group within Default Services. Ping is just an example, but this bug occurs when renaming any Default Service Object.

Some customers of SonicWALL security appliances will rename Default Services under the Service Groups section like Ping and rename it to “Ping Group” or “Group: Ping”, etc. to denote that it is in fact a group, which actually includes both Ping 0 (ICMP - reply) and Ping 8 (ICMP - request) rather than a single Service Object, e.g. Ping 8 (ICMP - request).


So, I decided to flash my router with DD-WRT to get more control over its configuration. The primary goal was to create an access point where DHCP addresses were only given out from the wireless interface and to isolate wireless clients from everything else on the LAN apart from the internet.

So I headed over to www.dd-wrt.com, searched the firmware database for the latest version for my router. Carried out the upgrade and all is well, connect to the web interface and ready to start configuring. I fished out a relevant article to assist:

Carried out all the steps, and going well, I can get a wireless DHCP address... But wait, no internet access.

I could get to the internet before I put the WLAN on its own bridge. Hmmm, lots of talk of iptable settings for the firewall script on the forums. After spending 5 hours, trying and retrying different settings I came across someone saying that the firmware suggested in the firmware database for your router isn't necessarily the latest or best. I did a bit more digging and I found what seems to be the latest version on their own website:

We've been using the Cisco/Linksys RV042 for years as:
- an internet Gateway
- a site-to-site VPN device
- a leased line site-to-site subnet-to-subnet interface
(And, here I'm assuming that any RV0xx behaves the same way as an RV042. So that's a caveat.)

In the first case, the WAN interface connects to or toward the internet connection or the "outside world".

In the VPN case, the WAN interface connects to or toward the internet connection or the "outside world".

In the site-to-site case we started in the same fashion with the WAN interface connecting to the "outside world" connection and the LAN ports, as usual, on the LAN in each instance.
It turns out this was a mistake as soon as we needed to do more than connect subnets. Like this:

As you probably know, there is little written about the internal architecture of the RV0xx routers. So much is left to guesswork and/or doing some lab characterization. This article is a combination of doing both while not being an exhaustive treatment of lab characterization tests ... which I'd still like to do.

Question:
"What if I want to connect subnet to subnet AND have the internet access …

Thought I might get some expert up to date advice so spent 15 agonizing minutes signing up for trial. By the time I had done that (had to go thru the form part twice just because I wanted to read the policies before clicking start trial). By then, the article I was reading was long gone. And oddly, the same search that brought it up when not member returned no results after signing up. As for addressing VPN settings on at&t junk router/modem (manual - NO ONE CAN FIND ONE). I could continue on tips - but there was nothing slightly applicable beyond stuff any fairly knowledgeable user would know - and many security settings are controversial depending on what article you read. It's now working - but we will see when I update my iPhone tonight. Oh boy!

This is a short article on how you would go about enabling traceoptions on a Juniper router. Traceoptions are similar to Cisco debug commands, but these traceoptions are implemented in Juniper Networks routers.

The following demonstrates a traceoptions configuration on a Juniper router which has OSPF enabled on it, and we will be tracing for OSPF.

The first thing is to go into a mode to make this happen. Below is the command from the start of the router.

How would you enable traceoptions? Traceoptions are protocol specific and not device specific, in the sense that you would have traceoptions for OSPF, RIP, and other protocols, not for the entire router itself.

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues. There are instances when you cannot SSH/telnet to the external/WAN interface of the router but you can SSH/telnet from inside.

The problem is with Network Address Translation (NAT) and related Access Control List (ACL); your configuration needs to expressly permit such external access.

The partial configuration above will be sufficient to allow Internet access from PCs connected to the router's LAN. It will also allow for network administrators to SSH or Telnet to routers from the LAN. However, one will NOT be able to SSH/telnet to the router from the outside, over the Internet.

The problem (assuming that you want that capability) lies within Access Control List.

This article is a guide to configure bridging on Cisco Routers. This is something I never knew was possible until after making a few phone calls to Cisco. Using bridging saved our company money by not requiring us to purchase a new switch. Bridging can also be very useful in smaller environments to help save on wasting IPs. The implementation I will be using for the example is this: A single T1 comes into a router. This router needs to hand off directly to a set of Redundant Firewalls without a switch between them. We need to make sure both firewalls can plug into the router and use the same IP address for their next hop. The commands used here are all entered from a Cisco 2811 running IOS version 12.3(8)T5. Bridging is available in many other IOS versions and from what I have personally seen the commands have not changed. So with all of that out of the way let's get into the router.

First connect to the router via the console. We will be changing IP addresses and disabling interfaces which will cause your telnet sessions to disconnect.

After you have connected you will need to be in "enable" mode so that you can make changes to the router.

Next we enter config mode, configure terminal

Now you should be sitting at a prompt similar to the one below:

Router01(config)#

There are three commands that we will enter to ensure that bridging is enabled.

It often happens that an access list (ACL) has to be applied to an outgoing router interface in order to limit some traffic. This article is about how to test an ACL from the router, which is not very intuitive for everyone. The scenario below shows a simple situation with R2 connected to SW1 and SW1 allowing only pinging the Ethernet interface of R2, not the loopback interface.

It’s not. Why? The reason is that an access list doesn’t apply to traffic initiated from the router itself. So how do you test such an access list if there is no access to anything behind SW1? In order to test it, traffic has to re-enter the router, which can be achieved by introducing ‘ip local policy routing’. Let’s start by creating an appropriate route-map ‘FILTER’ for traffic initiated from SW1:
